The Risk Management Framework is the company's way of working with regard to identifying, monitoring, mitigating, assessing, and dealing with risks.

Corporate governance relates to the relationships between a company's management, its board, its shareholders, and other stakeholders. It covers the structure within the company together with the delegation of duties and responsibilities.

Typical framework: BOD -> CEO -> Senior Management (from business units and functions) -> Middle Management -> Staff.

Risk: the probability of something happening that might jeopardize achieving the objective.

Systematic risk: cannot be reduced by diversification. A common risk that is inherent in the system.

Diversifiable risk: risk that can be reduced by diversification, by combining several distinct risks.

Risk and reward: high risk, high reward, and vice versa.

Types of Risks

Financial risk: credit risk, market risk, and liquidity risk.

Non-financial risk: operational risks, strategic or business risks, application or implementation risks, contagion and related party risk, competition risk, reputational risks, and so on.

Hazard risk and underwriting risk: hazards are fire, natural perils, crime, and injury; underwriting risk refers to mispricing.

Risk management is the approach to managing the impact of risks in order to achieve objectives. ERM is the process of identifying, managing, controlling, exploiting, financing, and monitoring risks from all sources for the purpose of achieving or maximizing the objectives based on the exposure to risks; this is much more than risk avoidance or risk reduction.

Risk Management Process

1. Establish the context
Consider the internal (legal, regulatory, social expectations, market, economics), external (risk appetite, risk tolerance, capability within company), and risk management context (project scope, time frame, costs, resources, roles and responsibilities).

2. Identify risks
This is not easy because new risks are emerging, risks can be accidentally missed, risks are not easily understood, risks are changing, and people have different perspectives.

3. Analyze risks
The aim is to understand the impact and likelihood that the identified risks might have on the company.
Impact = high, medium, low
Likelihood = likely, medium, unlikely; this is like a heat map
A distribution of impact can also be used to better understand the range of exposures.
Models can also be used to quantify the risks.
Stress testing uses many scenarios to understand their implications for the company.
Analysis and ERM: to understand how the risks interact with each other.

4. Evaluate risks

5. Treat risks

6. Monitor, communicate, and consult at each step of the process